Hyperelliptic curves for the vector decomposition problem over fields of even characteristic (Q305442)

\textit{S. D. Galbraith} and \textit{E. R. Verheul} [Lect. Notes Comput. Sci. 4939, 308--327 (2008; Zbl 1162.94359)] showed that the \textit{Vector Decomposition Problem} (VDP) on a two-dimensional vector space is as difficult as the computational one-dimensional Diffie-Hellman problem if we choose a \textit{distortion eigenvector base} for the two-dimensional space. The paper under review concerns a cryptosystem that uses the VDP of hyperelliptic curves of genus two that are the product of two elliptic curves. Yoshida suggested to use the one-dimensional VDP of a family of elliptic curves, which turns out to be not secure enough, and \textit{I. Duursma} and \textit{N. Kiyavash} [J. Ramanujan Math. Soc. 20, No. 1, 59--76 (2005; Zbl 1110.14021)] introduced a family of hyperelliptic curves of genus two over odd characteristic to improve the security. \textit{N. P. Smart} [Lect. Notes Comput. Sci. 1592, 165--175 (1999; Zbl 0938.94010)] showed that the group operation algorithm on the Jacobian of Duursma and Kiyavash's is twice as slow as that over a field of even characteristic. The author of the paper under review considers the following family of hyperelliptic curves of genus two over a finite field \(K\) of even characteristic: \[ C : y^2 + y = \frac a {x^3 + 1} \] where \(a = \alpha^2 + \alpha\) for some \(\alpha\in K\), and shows how to generate a \textit{distortion eigenvector base} consisting of two vectors in the Jacobian variety of \(C\) over some finite field of characteristic \(2\).